Our personal data is valuable, however too often organisations are misusing, losing or negligently allowing cybercriminals access to this information, the results of which can be devastating for anyone.
If you can prove that you are the victim of a personal data breach that has led to financial damages or distress beyond a mild convenience, you should be able to claim compensation.
If you’ve discovered that you have been the victim of a personal data breach, or you have found that your information has been misused in a manner that breaches the Data Protection Act 2018 then you may be due compensation.
We help victims of data breaches claim against organisations who have failed to protect their personal data. Our team can advise you if you have a valid claim and then guide you through the rest of the process.
We can determine if you have a valid data protection breach claim and guide you through the claims process. Get in touch today with details of your breach.
Get in touch with us today if you’d like to make a claim.Get In Touch
What is a data breach?
A data breach is an incident that leads to personal data being destroyed, lost, corrupted or disclosed. This includes someone passing on personal data without authorisation, someone accessing the data who shouldn’t, or the unavailability of personal data having a negative effect on an individual.
What is personal data?
Personal data is information which can be used to directly identify the relating persons. Personal data can also be information that can be used to indirectly identify a person, when used in combination with other information.
If an individual is identifiable from the information, then this may be personal data. Importantly, information must relate to an individual, in order for it to be considered personal data.
For example, although a name is a common means of identifying someone, a name alone, such as Jane Smith may not be sufficient to identify a specific person. However, a name in conjunction with a phone number and address relating to this name would make it constitute personal data.
How do I know if I’ve suffered from a data breach?
You might not always be made aware that you’ve suffered a data breach straight away, although organisations are bound by law to inform you as soon as possible, in some cases they might not be aware that the breach has taken place at all.
Here are some ways that you might be informed of a data breach:
- You may be notified of a breach by an organisation by email, letter or phone call. An organisation may inform you that your personal data that is stored with them has been breached.
- You could be copied into an email that contains personal information of yours. You may receive an email from an organisation containing your personal information and notice that other people have been copied in.
- Your information may have been unintentionally shared via legal documentation. Your contact details may have been inadvertently shared with others in the course of a legal battle. This could lead to your information being shared with those who you are opposed against.
- You may receive notice that a loan has been taken out in your name, or money has left your account. You could receive notification from a bank or credit organisation that your personal information has been used without your knowledge.
- You may be contacted by a person you are trying to avoid who has been given personal data pertaining to you. An organisation may have intentionally or accidentally disclosed your contact details to persons who wish to harm you, such as an abusive partner or biological parent of a foster child.
Read more data protection breach examples to see if any of these are similar to your own case.
How to check a data breach
If you’ve been notified of a data breach in the case of the above examples, or if you believe that your personal data has been breached in another way, then we may be able to help you claim compensation.
Our team of friendly legal experts can advise you as to whether or not you’ve been the victim of a data breach. They can then guide you through the claims process, we’ll make sure to leave the legal jargon out of it and keep you updated with every step through your claim.
Unfortunately, not all data breaches can provide the grounds for a valid compensation claim. We’ll be able to let you know if you’re able to make a claim, if your claim isn’t valid then we’ll be able to point you in the direction of guidance elsewhere.
If we believe your case meets the requirements of a successful data breach compensation claim then we’ll explain your options and may take your case on a no win, no fee basis.
We’ll assess your data breach case free of charge. Use the contact form to let us know the details of your case and we’ll get back to you with an answer as soon as possible.
Who can make a data protection breach compensation claim?
According to the GDPR, anyone living within the EU can make a claim after a data protection breach has caused them to suffer ‘material or non-material damage’. Individuals and organisations alike can claim compensation for data protection breaches.
In order to make a successful claim, it must be proved that the claimant has suffered as a result of the breach. The success of a claim and the amount of compensation that will be awarded will depend on the severity of the damage caused to the claimant.
What can you claim data breach compensation for?
The GDPR makes allowances for data protection breach claims to be made as a result of both material and non-material damages. Compensation can be made as a result of direct financial loss, as well as non-material distress.
Examples of data breaches can vary wildly, the most straight forward data breach compensation claim can be made when a data breach has directly led to an individual losing money. Claims can also be made for lost earnings, such as in the case where a claimant is terminated from a role as the result of a data protection breach.
In 2014 a precedent was set in UK law that a claim for compensation as a result of data breach could be made even if the claimants had not suffered any financial loss. The case of Juith Vidal-Hall (2) Robert Hann (3) Marc Bradshaw V Google involved a group of individuals suffering distress after learning that their ‘personal characteristics’ informed Google’s advertisements that were shown to them on their mobile devices, even after they had set their privacy settings to block third party cookies.
Claimants suffering from distress, anxiety or worry as a result of a data protection breach can claim for compensation to pay for any private treatment that they might require, such as counselling. It’s also possible to claim if the breach has caused a recognised psychological condition, or had a general effect on the claimant’s domestic or social life.
The amount of compensation that you can claim for a data breach depends on a number of factors including the sensitivity of the information, the length of time between the organisation finding out about the breach and informing you, your financial losses and any distress that has been caused as a result.
Find out more about data breach compensation amounts.
Reporting a data breach
Organisations are required to report all data breaches to the Information Commissioner’s Office (ICO). This public body upholds information rights in the public interest and fine organisations that violate data protection laws. The ICO took 28 enforcement actions against organisations in 2019 – these include telecoms provider EE and Her Majesty’s Revenue & Customs.
If you think you’ve been effected by a data breach
We can offer advice and guidance on your next steps.Get In Touch
When should an organisation report a data breach?
According to the ICO, an organisation should report a notifiable data breach without delay and no later than 72 hours after becoming aware of it. However, the organisation does not always have to inform the individuals that are affected by the breach.
In cases where the breach of personal data only leads to a mild inconvenience on the individuals affected, organisations can avoid informing them altogether. Organisations must perform a risk assessment after discovering a personal data breach which should direct their actions. The ICO can, however, force them to inform individuals, if they deem the data breach to pose a serious risk.
Organisations who delay reporting a data breach could put an individual into even further risk of damage, this could then be used as the basis of a data breach claim.
What are the consequences of a data breach?
The consequences of a personal data breach can be far-reaching and potentially life-altering. Our team has fielded hundreds of data breach enquiries and understand how much they can affect a person’s life.
Financial – A data breach can have a devastating effect on your finances, regardless of how secure you may be. Many data breaches involving financial information don’t result in an immediate loss, however, as the data may be stored and sold at a later date.
Personal – In some cases, a personal data breach could lead to major life changes. A breach may force a person to move house, lose their job or be separated from their family. These have their own set of consequences that go beyond financial damages.
Psychological – Perhaps most importantly, a data breach can cause intense stress and psychological trauma to an individual, especially in cases involving abusive relationships and family disputes. These damages can not be understated and should be compensated accordingly.
How much can you claim for a data breach?
The amount of compensation you can claim for a data breach will depend on the circumstances. For example, in cases where your name has been breached in conjunction with financial details, you could reasonably claim up to £5,000. You may be able to claim more for a data breach if you can prove that breach has more than just damaged your finances. If the consequences of a data breach have negatively affected a pre-existing illness then you may be able to claim more compensation as a result.
Data Breach Help is run by the accredited Cobleys Solicitors Ltd, one of the largest specialist litigation practices on Merseyside. Recommended by The Times as one of the Top 200 Law Firms in the UK, Cobleys Solicitors Ltd runs Data Breach Help with its industry-leading experts and premium resources.